show aaa group name

This chapter includes the show aaa group name command output tables.

show aaa group name

Table 1. show aaa group name Command Output Descriptions
Field Description

Group name

The AAA server group name.

Context

The context name.

Diameter config:

Authentication:

Dictionary

The Diameter dictionary used for authentication.

Important 

The prefix "dynamic-load" is appended to the dictionary name if the dictionary is dynamically configured in AAA group.

Endpoint name

The Diameter endpoint used for authentication.

Max-transmissions

The maximum number of transmission attempts for Diameter authentication.

Max-retries

The number of retry attempts for Diameter authentication requests.

Request-timeout

The Diameter authentication request timeout period.

Redirect-host-avp

Indicates whether to use just one returned AVP, or use the first returned AVP as selecting the primary host and the second returned AVP as selecting the secondary host.

Upgrade-dict-avps

Displays the upgrade-dict-avps attribute value if configured in AAA group. If not configured, this field displays the default value.

Strip-leading-digit user-name

Displays whether or not the stripping of leading digit from User-Name AVP is enabled or disabled.

Accounting:

Dictionary

The Diameter dictionary used for accounting.

Important 

The prefix "dynamic-load" is appended to the dictionary name if the dictionary is dynamically configured in AAA group.

Endpoint name

The Diameter endpoint used for accounting.

Max-transmissions

The maximum number of transmission attempts for Diameter accounting.

Max-retries

The number of retry attempts for Diameter accounting requests.

Request-timeout

The Diameter accounting request timeout period.

HD-mode

Displays the HD-mode value if configured in AAA group. If not configured, this field displays the default value.

HD-policy

Displays the HD-storage-policy value if configured in AAA group. If not configured, this field displays the default value.

Upgrade-dict-avps

The Diameter accounting request timeout period.

SDC-Integrity

Indicates whether or not the SDC Integrity feature is enabled. This feature is used to protect the integrity of SDCs on Rf interface.

Important 

This feature is customer-specific. For more information, contact your Cisco Account representative.

Radius Config:

Dictionary

The RADIUS dictionary.

Strip-domain

Indicates whether the domain is stripped from the user name prior to authentication or accounting.

Authenticator-validation

Indicates whether the MD5 authentication of RADIUS user is enabled.

Allow authentication-down

Indicates whether the system allows subscriber sessions when RADIUS authentication is unavailable.

Allow accounting-down

Indicates whether the system allows subscriber sessions when RADIUS accounting is unavailable.

Attributes:

Nas-identifier

The attribute name by which the system is identified in Access-Request messages.

Nas-ip

The AAA interface IP address(es) used to identify the system.

Nas-ip backup

The IP address of the secondary interface to use in the current context.

Nexthop

The next hop IP address for this NAS IP address.

MPLS-label

Indicates the MPLS label used for traffic from the specified RADIUS client NAS IP address.

VRF

The Virtual Routing and Forwarding (VRF) Context instance associated with this AAA group.

Authentication

called-station-id

Indicates whether RADIUS authentication attribute for called station id is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

calling-station-id

Indicates whether RADIUS authentication attribute for calling station id is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

imsi

Indicates whether RADIUS authentication attribute for IMSI is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-pdp-type

Indicates whether RADIUS authentication attribute for 3GPP PDP type is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-cg-address

Indicates whether RADIUS authentication attribute for 3GPP CG address is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-gprs-qos-negotiated-profile

Indicates whether RADIUS authentication attribute for 3GPP GPRS QoS negotiated profile is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-sgsn-address

Indicates whether RADIUS authentication attribute for 3GPP SGSN address is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-ggsn-address

Indicates whether RADIUS authentication attribute for 3GPP GGSN address is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-imsi-mcc-mnc

Indicates whether RADIUS authentication attribute for 3GPP IMSI MCC MNC is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-ggsn-mcc-mnc

Indicates whether RADIUS authentication attribute for 3GPP GGSN MCC MNC is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-nsapi

Indicates whether RADIUS authentication attribute for 3GPP NSAPI is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-select-mode

Indicates whether RADIUS authentication attribute for 3GPP select mode is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-charging-characteristics

Indicates whether RADIUS authentication attribute for 3GPP charging characteristics is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-sgsn-mcc-mnc

Indicates whether RADIUS authentication attribute for 3GPP SGSN MCC MNC is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-imeisv

Indicates whether RADIUS authentication attribute for 3GPP imeisv is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-rat-type

Indicates whether RADIUS authentication attribute for 3GPP RAT type is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-user-location-info

Indicates whether RADIUS authentication attribute for 3GPP user location information is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-ms-timezone

Indicates whether RADIUS authentication attribute for 3GPP ms timezone is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

Accounting

called-station-id

Indicates whether RADIUS accounting attribute for called station id is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

calling-station-id

Indicates whether RADIUS accounting attribute for calling station id is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

acct-input-octets

Indicates whether RADIUS accounting attribute for accounting input octets is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

acct-input-packets

Indicates whether RADIUS accounting attribute for accounting input packets is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

acct-session-time

Indicates whether RADIUS accounting attribute for accounting session time is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

acct-output-octets

Indicates whether RADIUS accounting attribute for accounting output octets is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

acct-output-packets

Indicates whether RADIUS accounting attribute for accounting output packets is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

event-timestamp

Indicates whether RADIUS accounting attribute for event timestamp is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

imsi

Indicates whether RADIUS accounting attribute for IMSI is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-charging-id

Indicates whether RADIUS accounting attribute for 3GPP charging ID is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-pdp-type

Indicates whether RADIUS accounting attribute for 3GPP PDP type is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-cg-address

Indicates whether RADIUS accounting attribute for 3GPP CG address is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-gprs-qos-negotiated-profile

Indicates whether RADIUS accounting attribute for 3GPP GPRS QoS negotiated profile is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-sgsn-address

Indicates whether RADIUS accounting attribute for 3GPP SGSN address is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-ggsn-address

Indicates whether RADIUS accounting attribute for 3GPP GGSN address is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-imsi-mcc-mnc

Indicates whether RADIUS accounting attribute for 3GPP IMSI MCC MNC is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-ggsn-mcc-mnc

Indicates whether RADIUS accounting attribute for 3GPP GGSN MCC MNC is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-nsapi

Indicates whether RADIUS accounting attribute for 3GPP NSAPI is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-select-mode

Indicates whether RADIUS accounting attribute for 3GPP select mode is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-charging-characteristics

Indicates whether RADIUS accounting attribute for 3GPP charging characteristics is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-sgsn-mcc-mnc

Indicates whether RADIUS accounting attribute for 3GPP SGSN MCC MNC is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-imeisv

Indicates whether RADIUS accounting attribute for 3GPP imeisv is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-rat-type

Indicates whether RADIUS accounting attribute for 3GPP RAT type is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-user-location-info

Indicates whether RADIUS accounting attribute for 3GPP user location information is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

3gpp-ms-timezone

Indicates whether RADIUS accounting attribute for 3GPP ms timezone is enabled.

The attribute must also be supported in the configured RADIUS dictionary.

Authentication:

Algorithm

The RADIUS authentication server selection algorithm for the current context.

Deadtime

The time period to wait before changing the state of a RADIUS server from "Down" to "Active", in minutes.

Max-outstanding

The maximum number of messages a AAA manager will queue.

Max-retries

The maximum number of times communication with a AAA server is attempted before it is marked as "Not Responding" and the detect dead server's consecutive failures count is incremented.

Max-transmissions

The maximum number of re-transmissions for RADIUS authentication requests.

Timeout

The time period to wait for a response from the RADIUS server before re-sending the messages, in seconds.

Apn-to-be-included

The APN name included for RADIUS authentication.

Authenticate null-username

Indicates whether authentication of user names that are blank or empty is enabled.

Probe:

Interval

The time period between two RADIUS authentication probes.

Timeout

The timeout period for HAGR to wait for a response for RADIUS authentication probes.

Max-retries

The maximum number of retries for RADIUS authentication probe response.

Keepalive:

Interval

The time period between two keepalive access requests.

Timeout

The time period between two keepalive access request retries.

Retries

The number of times the keepalive access request is sent before marking the server as unreachable.

consecutive-response

The number of consecutive authentication responses after which the server is marked as reachable.

Username

The user name used for authentication.

Calling-station-id

The calling station ID used for keepalive authentication.

Password

The password used for authentication.

Allow access-reject

Indicates whether both access-accept and access-reject are considered as success for the keepalive authentication request.

Detect-dead-server:

Consecutive-failures

The number of consecutive failures, for any AAA manager, before a server's state is changed from "Active" to "Down".

Response-timeout

The time period for any AAA manager to wait for a response to any message before a server's state is changed from "Active" to "Down", in seconds.

Keepalive

Indicates whether the AAA server alive-dead detect mechanism based on sending keepalive authentication messages to all authentication servers is enabled.

Accounting:

Algorithm

The RADIUS accounting server selection algorithm for the current context.

Deadtime

The time period to wait before changing the state of a RADIUS server from "Down" to "Active", in minutes.

Fire-And-Forget

Displays whether or not the Fire-and-Forget feature is enabled in the AAA Group configuration.

Max-outstanding

The maximum number of messages a AAA manager will queue.

Max-retries

The maximum number of times communication with a AAA server will be attempted before it is marked as "Not Responding" and the detect dead server's consecutive failures count is incremented.

Max-transmissions

The maximum number of re-transmissions for RADIUS accounting requests.

Max-pdu-size

The maximum sized packet data unit which can be accepted/generated, in bytes.

Interim-timeout

The timeout period for sending accounting INTERIM-UPDATE records, in seconds.

Interim-downlink-volume

The downlink volume limit that triggers RADIUS interim accounting, in bytes.

Interim-uplink-volume

The uplink volume limit that triggers RADIUS interim accounting, in bytes.

Interim-total-volume

The total volume limit for RADIUS interim accounting, in bytes.

Timeout

The time period to wait for a response from a RADIUS server before retransmitting a request.

Remote-address

Indicates whether remote IP address lists are configured, and collection of accounting data for the addresses in those lists on a per-subscriber basis is enabled.

Archive

Indicates whether archiving of RADIUS Accounting messages in the system after the accounting message has exhausted retries to all available RADIUS Accounting servers is enabled.

Apn-to-be-included

The APN name included for RADIUS accounting.

R-P originated:

Trigger active-start

Indicates whether when an Active-Start is received from the PCF and there has been a parameter change, an R-P event occurs.

Trigger active-handoff

Indicates whether when an Active PCF-to-PFC Handoff occurs, a single or two R-P events will occur (one for the Connection Setup, and the second for the Active-Start).

Trigger active-stop

Indicates whether when an Active-Stop is received from the PCF, an R-P event occurs.

Trigger policy

the overall accounting policy for R-P sessions.

Trigger stop-start

Indicates whether a stop/start RADIUS accounting pair is sent to the RADIUS server when an applicable R-P event occurs.

Handoff policy

The overall accounting policy for R-P sessions.

TOD

The time of day a RADIUS event is generated for accounting.

GTP originated:

Trigger policy

The RADIUS accounting policy for GTP.

MIP HA:

Policy

The RADIUS accounting policy for Mobile IP HA calls.

Keepalive:

Interval

The time period between the two keepalive access requests.

Timeout

The time period between each keepalive access request retries.

Retries

The number of times the keepalive access request is sent before marking the server as unreachable.

consecutive-response

The number of consecutive authentication response after which the server is marked as reachable.

Username

The user name used for authentication.

Calling-station-id

The calling station ID used for keepalive authentication.

Framed-ip-address

The framed-ip-address used for keepalive accounting.

Detect-dead-server:

Consecutive-failures

The number of consecutive failures, for any AAA manager, before a server's state is changed from "Active" to "Down".

Response-timeout

The time period for any AAA manager to wait for a response to any message before a server's state is changed from "Active" to "Down", in seconds.

Keepalive

Indicates whether the AAA server alive-dead detect mechanism based on sending keepalive authentication messages to all authentication servers is enabled.

Charging:

Auth-algorithm

The RADIUS authentication algorithm.

Acct-algorithm

The RADIUS accounting algorithm.

Deadtime

The time period to wait before changing the state of a RADIUS server from "Down" to "Active", in minutes.

Max-outstanding

The maximum number of messages a AAA manager will queue.

Max-retries

The maximum number of times communication with a AAA server will be attempted before it is marked as "Not Responding" and the detect dead server's consecutive failures count is incremented.

Max-transmissions

The maximum number of re-transmissions for RADIUS requests.

Timeout

The time period to wait for a response from a RADIUS server before retransmitting a request.

Detect-dead-server:

Consecutive-failures

The number of consecutive failures, for any AAA manager, before a server's state is changed from "Active" to "Down".

Response-timeout

The time period for any AAA manager to wait for a response to any message before a server's state is changed from "Active" to "Down", in seconds.